On Wed, Jan 12, 2011 at 3:33 PM, Todd Platt <[email protected]> wrote: > All, > > I have a question about setting the SecRequestBodyLimit parameter. > Currently, we have 2 web servers on different networks that has mod > security running. One server has the SecRequestBodyLimit parameter set > in the mod_security.conf file and the other server has it defined in > modsecurity_crs_10_config.conf. Does it matter which file defines the > SecRequestBodyLimit parameter? Does either location make the load on > the servers less?
No difference for the load. I prefer to put such definition in modsecurity_localrules.conf. This because if you install mod_security with the package manager of your distro if is possible that an update overwrite the mod_security.conf, for example. > What is the default value for this parameter if none > is specified? We are trying to get a control of the size of attachments > that are uploaded to our portal. > > The default of SecRequestBodyLimit is 131072KB: There is an hard limit of 1GB. hth
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
